Risk Management

We are promoting the development and operation of Group-wide systems that enable us not only to identify and prevent latent risks, but also to respond rapidly to and deal with risks that have already manifested themselves.

We have established a Risk Management Committee responsible for building and managing a Group-wide risk management system under the umbrella of the CSR Conference, our highest decision-making body regarding CSR. The committee is advancing the development and management of a Group-wide system to work on identifying and preventing potential risks and to swiftly respond to and resolve materialized risks.
Additionally, each committee reports to the CSR Conference on the status of its activities and future plans regarding its control activities related to the risks within its jurisdiction.

Individual risks that have materialized are handled by the committee or department in charge of that risk, and are reported to the Risk Management Committee, including the status of implementing recurrence prevention measures and horizontal rollout.
The Risk Management Committee monitors whether risk management within Zeon Group is appropriately controlled and prepares a Group-wide risk list. Based on the list, the committee reports on control activities related to Group-wide critical risks to the CSR Conference and the Board of Directors to confirm risk management effectiveness.
Moreover, each organization within Zeon Group prepares its own list of risks, recognizes risks specific to that organization along with Group-wide risks, and implements any control activities needed based on the recognition. Evaluations and control activities for these individual risks are compiled by the Risk Management Committee and shared with the individual committees and departments they fall under, thereby increasing the effectiveness of Group-wide risk management activities.
Group-wide risks include those related to climate change and human rights, among others.

Recognizing the need on business continuity to minimize the impact of damage from disasters such as earthquakes and severe storm and flood damage, we have formulated a Business Continuity Plan (BCP), and we implement training to enhance its effectiveness. In FY2024, we conducted two whole-company emergency headquarters drills, one whole-company emergency headquarters secretariat drill, and two plant drills. Through these drills and other activities, we ensure the effectiveness of our BCP and work to strengthen our resilience to disasters.
In addition, each individual business division and plant has formulated its own BCP, and has put in place systems to facilitate a rapid response in the event of an emergency. We are also implementing Business Continuity Management (BCM) to maintain and strengthen our BCP and its effectiveness through ongoing improvement and our unique training.

We have put in place an whistleblowing system to identify information about potential risks as early as possible so that appropriate action can be taken. Reporting channels for risk information include internal channels such as reporting through superiors and reporting directly to the Compliance Committee secretariat. We have also set up the web-based Compliance Helpline, which allows anonymous reporting. In addition, we have established the Lawyer HOTLINE, with an outside attorney serving as the contact point, broadening the options available to whistleblowers (1 to 4 in the flowchart).
This whistleblowing system accepts reports related to overall compliance, including harassment and the prevention of corruption and bribery.
Upon receiving a report, the Compliance Committee secretariat investigates the facts regarding the report and, based on the results, takes appropriate actions such as instructing relevant internal departments to implement countermeasures.

Whistleblowing flowchart

As part of our aim to be a company people can trust, we have set up a specialized security department as part of our information security measures as we work to strengthen information security. To date, our main efforts have included technical measures to strengthen the cloud environment.
Our efforts have also included organizational measures, in which the Cyber Security Committee reports directly to the representative director. The committee oversees planned cybersecurity enhancements and provides prompt emergency response. It is also responsible for managing electronic information security.
In addition, a Computer Security Incident Response Team (CSIRT) within the committee ensures prompt response in the event of security incidents, forming a highly effective response system.